CmjSpy (g)
(Backdoor.Win32.CmjSpy.g)

by cmjboy

Written in Delphi, compressed with UPX

Made in China

Server:
dropped files:
c:\WINDOWS\scanregw .exe 
c:\WINDOWS\taskmon .exe 
c:\WINDOWS\SYSTEM\SysTray .Exe 
c:\WINDOWS\SYSTEM\mgkdll .exe 
c:\WINDOWS\SYSTEM\ppx.txt 
c:\WINDOWS\SYSTEM\systemdllx.vxd 
c:\WINDOWS\SYSTEM\tdllcope.vxd 


port: 55555 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry" 
Old data: C:\WINDOWS\scanregw.exe /autorun 
New data: "C:\WINDOWS\scanregw .exe" /autorun 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "SystemTray" 
Old data: SysTray.Exe 
New data: "SysTray .Exe" 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Taakcontrole" 
Old data: C:\WINDOWS\taskmon.exe 
New data: "C:\WINDOWS\taskmon .exe" 
MegaSecurity